Last Saturday I run an update to install the latest updates,
After the update I can’t connect to my shared locations,
When i run the system diagnostic, I receive a lot off error message:
The following KDCs were unreachable: tcp myserver01.mydomain.nl:88, udp myserver01.mydomain.nl:88
and
This is a Samba 4 DC, but samba-tool processes
reports no kdc_server
.
Samba4 isn’t started, I was able to start samba with /etc/init.d/samba restart
But that didn’t solve the issue.
while the I still see this error:
Traceback (most recent call last):
File "/usr/lib/pymodules/python2.7/univention/management/console/modules/diagnostic/__init__.py", line 275, in execute
result = execute(umc_module, **kwargs)
File "/usr/lib/pymodules/python2.7/univention/management/console/modules/diagnostic/plugins/41_samba_tool_showrepl.py", line 149, in run
drs = DRSUAPI()
File "/usr/lib/pymodules/python2.7/univention/management/console/modules/diagnostic/plugins/41_samba_tool_showrepl.py", line 62, in __init__
drs_tuple = drs_utils.drsuapi_connect(self.server, self.load_param, self.credentials)
File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 63, in drsuapi_connect
raise drsException("DRS connection to %s failed: %s" % (server, e))
drsException: drsException: DRS connection to myserver01.mydomain.nl failed: (3221226038, 'The transport-connection attempt was refused by the remote system.')"
Hopefully one off you can tell me how I can resolve this issue.
Thanks!
Hello,
This means UCS 4.4-0 Errata 33?
Best regards,
Michael Grandjean
Yes, that’s right.
On that moment that Samba didn’t start I found a post, that this happens in the past as well, and thy wrote, you
you can start Samba /etc/init.d/samba start
Yesterday I found that the KDC server isn’t available, so I was already satisfied that I see the Errata 41, but this didn’t solve the issue.
Do you know how I can solve this??
When I run samba-tool drs showrepl, I receive the following
Failed to connect host 192.168.10.50 on port 135 - NT_STATUS_CONNECTION_REFUSED
Failed to connect host 192.168.10.50 (myserver01.mydomain.nl) on port 135 - NT_STATUS_CONNECTION_REFUSED.
ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to myserver01.mydomain.nl failed - drsException: DRS connection to myserver01.mydomain.nl failed: (3221226038, 'The transport-connection attempt was refused by the remote system.')
File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 54, in drsuapi_connect
(ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions) = drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds)
File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 63, in drsuapi_connect
raise drsException("DRS connection to %s failed: %s" % (server, e))
root@myserver01:~#
And when I run: /usr/share/univention-samba4/scripts/check_essential_samba4_dns_records.sh
gc._msdcs.mydomain.nl has address 192.168.10.50
_gc._tcp.mydomain.nl has SRV record 0 100 3268 myserver01.mydomain.nl.
_ldap._tcp.gc._msdcs.mydomain.nl has SRV record 0 100 3268 myserver01.mydomain.nl.
_ldap._tcp.mydomain.nl has SRV record 0 100 389 myserver01.mydomain.nl.
_ldap._tcp.dc._msdcs.mydomain.nl has SRV record 0 100 389 myserver01.mydomain.nl.
_ldap._tcp.pdc._msdcs.mydomain.nl has SRV record 0 100 389 myserver01.mydomain.nl.
_ldap._tcp.3680fc08-2c5c-486f-9270-98f0857fbe4c.domains._msdcs.mydomain.nl has SRV record 0 100 389 myserver01.mydomain.nl.
_kerberos._tcp.dc._msdcs.mydomain.nl has SRV record 0 100 88 myserver01.mydomain.nl.
_kerberos._tcp.mydomain.nl has SRV record 0 100 88 myserver01.mydomain.nl.
_kerberos._udp.mydomain.nl has SRV record 0 100 88 myserver01.mydomain.nl.
_kpasswd._tcp.mydomain.nl has SRV record 0 100 464 myserver01.mydomain.nl.
_kpasswd._udp.mydomain.nl has SRV record 0 100 464 myserver01.mydomain.nl.
Located DC 'myserver01' in site 'Default-First-Site-Name'
79b2ba6b-4714-4e1a-ad44-817621bba88d._msdcs.mydomain.nl is an alias for myserver01.mydomain.nl.
## Records for site Default-First-Site-Name:
_ldap._tcp.Default-First-Site-Name._sites.mydomain.nl has SRV record 0 100 389 myserver01.mydomain.nl.
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.nl has SRV record 0 100 389 myserver01.mydomain.nl.
_kerberos._tcp.Default-First-Site-Name._sites.mydomain.nl has SRV record 0 100 88 myserver01.mydomain.nl.
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.nl has SRV record 0 100 88 myserver01.mydomain.nl.
## Optional GC Records for site Default-First-Site-Name:
_gc._tcp.Default-First-Site-Name._sites.mydomain.nl has SRV record 0 100 3268 myserver01.mydomain.nl.
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.nl has SRV record 0 100 3268 myserver01.mydomain.nl.
_kerberos.mydomain.nl descriptive text "mydomain.NL"
root@myserver01:~#
Hopefully, someone, can tell me how I can solve this issue!
Hi,
sure samba is started? What says
ps ax| grep smbd
?
Additonally the output of these commands, please:
ucr dump| grep -iE "samba/inter|faces/prim"
/CV
1 Like
21995 pts/1 S+ 0:00 grep smbd
and from:
ucr dump| grep -iE “samba/inter|faces/prim”
interfaces/primary: eth0
And the output of etc/init.d/samba status
root@myserver01:~# /etc/init.d/samba status
● samba-ad-dc.service - LSB: Samba daemons for the AD DC
Loaded: loaded (/etc/init.d/samba-ad-dc; generated; vendor preset: enabled)
Active: active (exited) since Mon 2019-04-08 18:42:21 CEST; 17h ago
Docs: man:systemd-sysv-generator(8)
Tasks: 0 (limit: 4915)
Memory: 0B
CPU: 0
CGroup: /system.slice/samba-ad-dc.service
Apr 08 18:42:20 myserver01 systemd[1]: Starting LSB: Samba daemons for the AD DC...
Apr 08 18:42:21 myserver01 samba-ad-dc[24329]: Starting Samba AD DC daemon: samba.
Apr 08 18:42:21 myserver01 systemd[1]: Started LSB: Samba daemons for the AD DC.
root@myserver01:~#
Hi,
somehow it looks like your Samba is not installed at all. At least it is not running and I miss the UCR-variables related to Samba.
Output of:
dpkg -l| grep -iE "samba|server-master"
?
/CV
root@myserver01:~# dpkg -l| grep -iE "samba|server-master"
ii kopano-webapp-plugin-filesbackend-smb 2.1.0.50+30.1 all Adds Samba specific functionality to Kopano Files plugin.
ii libwbclient0:amd64 2:4.10.1-1A~4.4.0.201904031509 amd64 Samba winbind client library
ii php-libsmbclient 0.5.0-30.4 amd64 libsmbclient-php is a PHP extension that uses Samba's libsmbclient
ii python-samba 2:4.10.1-1A~4.4.0.201904031509 amd64 Python bindings for Samba
ii samba 2:4.10.1-1A~4.4.0.201904031509 amd64 SMB/CIFS file, print, and login server for Unix
ii samba-common 2:4.10.1-1A~4.4.0.201904031509 all common files used by both the Samba server and client
ii samba-common-bin 2:4.10.1-1A~4.4.0.201904031509 amd64 Samba common files used by both the server and the client
ii samba-dsdb-modules 2:4.10.1-1A~4.4.0.201904031509 amd64 Samba Directory Services Database
ii samba-libs:amd64 2:4.10.1-1A~4.4.0.201904031509 amd64 Samba core libraries
ii samba-vfs-modules 2:4.10.1-1A~4.4.0.201904031509 amd64 Samba Virtual FileSystem plugins
ii univention-nagios-samba 4.0.1-1A~4.4.0.201812201739 amd64 nagios plugin for UCS samba
ii univention-newsid 9.0.0-1A~4.3.0.201712120245 amd64 UCS - generate a new samba sid
ii univention-s4-connector 13.0.2-4A~4.4.0.201903141417 all UCS - Modules for sync UCS and Samba4 LDB directory
ii univention-samba-local-config 13.0.0-2A~4.4.0.201903141254 all UCS - UCR Extensions for configuration of local shares
ii univention-samba4 8.0.0-17A~4.4.0.201903251927 amd64 UCS - Samba4 integration package
ii univention-samba4-sysvol-sync 8.0.0-17A~4.4.0.201903251927 all UCS - Samba4 sysvol synchronization
ii univention-server-master 14.0.0-2A~4.4.0.201901062148 all UCS - master domain controller
root@myserver01:~#
Hi,
looks good so far. Just wondering why the UCR variables are not set.
ucr dump| grep -iE "^samba/|^samba4/"
?
/CV
Hi, thanks for your support,
When I try sto start the SAMB4 service I receive the following error message
Could not fulfill the request.
Server error message:
Starting the service samba4 failed:
Unit samba4.service could not be found.
when I run /etc/init.d/samba status, it show that it’s running
● samba-ad-dc.service - LSB: Samba daemons for the AD DC
Loaded: loaded (/etc/init.d/samba-ad-dc; generated; vendor preset: enabled)
Active: active (exited) since Mon 2019-04-08 18:42:21 CEST; 17h ago
Docs: man:systemd-sysv-generator(8)
Tasks: 0 (limit: 4915)
Memory: 0B
CPU: 0
CGroup: /system.slice/samba-ad-dc.service
Apr 08 18:42:20 myserver01 systemd[1]: Starting LSB: Samba daemons for the AD DC...
Apr 08 18:42:21 myserver01 samba-ad-dc[24329]: Starting Samba AD DC daemon: samba.
Apr 08 18:42:21 myserver01 systemd[1]: Started LSB: Samba daemons for the AD DC.
root@myserver01:~#
Then I receive this:
root@myserver01:~# ucr dump| grep -iE "^samba/|^samba4/"
samba/acl/allow/execute/always: yes
samba/adminusers: administrator join-backup
samba/autostart: no
samba/deadtime: 15
samba/debug/level: 1
samba/domain/master: yes
samba/enable-msdfs: yes
samba/encrypt_passwords: yes
samba/getwd_cache: yes
samba/guest_account: nobody
samba/homedirletter: I
samba/homedirpath: %U
samba/homedirserver: myserver01
samba/kernel_oplocks: yes
samba/large_readwrite: yes
samba/map_to_guest: Bad User
samba/max_open_files: 32808
samba/max_xmit: 65535
samba/oplocks: yes
samba/preserve_case: yes
samba/profilepath: %U\windows-profiles\%a
samba/profileserver: myserver01
samba/quota/command: None
samba/read_raw: yes
samba/register/exclude/interfaces: docker0
samba/share/groups: no
samba/share/home: yes
samba/share/netlogon: yes
samba/short_preserve_case: yes
samba/store_dos_attributes: yes
samba/use_spnego: yes
samba/write_raw: yes
samba4/autostart: yes
samba4/backup/cron: 0 3 * * *
samba4/function/level: 2008_R2
samba4/ldap/base: DC=mydomain,DC=NL
samba4/ntacl/backend: native
samba4/role: DC
samba4/service/nmb: nmbd
samba4/service/smb: s3fs
samba4/sysvol/cleanup/cron: 4 4 * * *
samba4/sysvol/sync/cron: */5 * * * *
samba4/sysvol/sync/jitter: 60
samba4/sysvol/sync/setfacl/AU: false
root@myserver01:~#
Hi,
Strange. Packages are all installed as far as I can see. But UCR variables are not set at all. Missing all “samba4/” variables as well as the samba/interfaces ones…
Sorry, currently I am not having a clue what went wrong here.
/CV
This is really strange, while till last Saturday everything works fine!
Is there an option, to restore, or rebuild this?
Is this right?
While I search in the GUI Univention Configuration Registry samba4 I receive the following
|appcenter/apps/samba4/status|installed|
|---|---|
|appcenter/apps/samba4/ucs|4.4|
|appcenter/apps/samba4/version|4.10|
|connector/s4/mapping/dns/position||
|dns/backend|samba4|
|kerberos/autostart|no|
|samba4/addmachine||
|samba4/autostart|yes|
|samba4/backup/cron|0 3 * * *|
|samba4/backup/cron/options||
|samba4/dc||
|samba4/dcerpc/endpoint/drsuapi||
|samba4/disabled||
|samba4/function/level|2008_R2|
|samba4/join/dnsupdate||
|samba4/join/site||
|samba4/kccsrv/samba_kcc||
|samba4/ldap/base|DC=mydomain,DC=NL|
|samba4/ldb/sam/module/*||
|samba4/ntacl/backend|native|
|samba4/provision/primary||
|samba4/provision/secondary||
|samba4/role|DC|
|samba4/schema/update/allowed||
|samba4/service/drepl||
|samba4/service/nmb|nmbd|
|samba4/service/smb|s3fs|
|samba4/sysvol/cleanup/cron|4 4 * * *|
|samba4/sysvol/cleanup/parameters||
|samba4/sysvol/sync/cron|*/5 * * * *|
|samba4/sysvol/sync/debug||
|samba4/sysvol/sync/fix_gpt_ini||
|samba4/sysvol/sync/from_downstream||
|samba4/sysvol/sync/from_upstream||
|samba4/sysvol/sync/from_upstream/delete||
|samba4/sysvol/sync/jitter|60|
|samba4/sysvol/sync/setfacl/AU|false|
|security/packetfilter/package/univention-samba4/tcp/53/all|ACCEPT|
|security/packetfilter/package/univention-samba4/tcp/53/all/en|DNS|
|security/packetfilter/package/univention-samba4/tcp/88/all|ACCEPT|
|security/packetfilter/package/univention-samba4/tcp/88/all/en|Kerberos|
|security/packetfilter/package/univention-samba4/tcp/135/all|ACCEPT|
|security/packetfilter/package/univention-samba4/tcp/135/all/en|RPC (Samba)|
|security/packetfilter/package/univention-samba4/tcp/137:139/all|ACCEPT|
|security/packetfilter/package/univention-samba4/tcp/137:139/all/en|netbios (Samba)|
|security/packetfilter/package/univention-samba4/tcp/389/all|ACCEPT|
|security/packetfilter/package/univention-samba4/tcp/389/all/en|LDAP|
|security/packetfilter/package/univention-samba4/tcp/445/all|ACCEPT|
|security/packetfilter/package/univention-samba4/tcp/445/all/en|microsoft-ds (Samba)|
|security/packetfilter/package/univention-samba4/tcp/464/all|ACCEPT|
|security/packetfilter/package/univention-samba4/tcp/464/all/en|Kerberos change/set password|
|security/packetfilter/package/univention-samba4/tcp/636/all|ACCEPT|
|security/packetfilter/package/univention-samba4/tcp/636/all/en|LDAPS|
|security/packetfilter/package/univention-samba4/tcp/749/all|ACCEPT|
|security/packetfilter/package/univention-samba4/tcp/749/all/en|Kerberos admin|
|security/packetfilter/package/univention-samba4/tcp/1024/all|ACCEPT|
|security/packetfilter/package/univention-samba4/tcp/1024/all/en|KDM (Samba)|
|security/packetfilter/package/univention-samba4/tcp/3268/all|ACCEPT|
|security/packetfilter/package/univention-samba4/tcp/3268/all/en|LDAP GC (Samba)|
|security/packetfilter/package/univention-samba4/tcp/3269/all|ACCEPT|
|security/packetfilter/package/univention-samba4/tcp/3269/all/en|LDAP GC SSL (Samba)|
|security/packetfilter/package/univention-samba4/tcp/49152:65535/all|ACCEPT|
|security/packetfilter/package/univention-samba4/tcp/49152:65535/all/en|Dynamic RPC Ports (Samba)|
|security/packetfilter/package/univention-samba4/udp/53/all|ACCEPT|
|security/packetfilter/package/univention-samba4/udp/53/all/en|DNS|
|security/packetfilter/package/univention-samba4/udp/88/all|ACCEPT|
|security/packetfilter/package/univention-samba4/udp/88/all/en|Kerberos|
|security/packetfilter/package/univention-samba4/udp/123/all|ACCEPT|
|security/packetfilter/package/univention-samba4/udp/123/all/en|TIME|
|security/packetfilter/package/univention-samba4/udp/137:139/all|ACCEPT|
|security/packetfilter/package/univention-samba4/udp/137:139/all/en|netbios (Samba)|
|security/packetfilter/package/univention-samba4/udp/389/all|ACCEPT|
|security/packetfilter/package/univention-samba4/udp/389/all/en|LDAP|
|security/packetfilter/package/univention-samba4/udp/445/all|ACCEPT|
|security/packetfilter/package/univention-samba4/udp/445/all/en|microsoft-ds (Samba)|
|security/packetfilter/package/univention-samba4/udp/464/all|ACCEPT|
|security/packetfilter/package/univention-samba4/udp/464/all/en|Kerberos change/set password|
Is it an option to restore only the Samba4 settings?
When I review in next-cloud on the same server the LDAP/AD settings, all off them are green.
You might want to have a look at /var/univention-backup/ucr-backup_*
from before the update and compare it to a version from last night.
That’s strange, there’s a daily backup off this file till I upgrade the server last Saturday. so the latest backup is from April 6
I found the issue. when I compare the base.conf settings with the backup.
Last week the we add a second port on the: slapd/port/ldaps: 7636,636 settings
While the command by this settings are:
Unfortunately, this was only visible after the upgrade and the reboot.
Thanks for all your support!